Bugtraq mailing list archives
Re: Denial of Service Against pcAnywhere.
From: six () MINDLESS COM (Patrick Turcotte)
Date: Wed, 3 May 2000 17:42:28 -0400
Greetings Following vacuum's post... I did some testing, since colleagues of mine have pcAnywhere running in a production environment (yes, I *am* ashamed of reporting NT stuff ;-) ): nmap v2.51 installed on Solaris 7 host, on the same LAN as the host, as the scanning platform network environment: switched 100 Mbps LAN NT 4.0 Workstation SP1 host, pcAnywhere 9.0.0 build 133, Win98 SE client, pcAnywhere 9.0.0 build 133: nmap -sT -sU, nmap -sS and nmap -sT all cause pcAnywhere host app to stop answering to connection requests NT 4.0 Workstation SP5 host, pcAnywhere 9.0.0 build 133, Win98 SE client, pcAnywhere 9.0.0 build 133: nmap -sT causes pcAnywhere host app to stop answering to connection requests NT 4.0 Workstation SP5 host, pcAnywhere 9.2.0 build 239, Win98 SE client, pcAnywhere 9.2.0 build 239: nmap -sT causes pcAnywhere host app to stop answering to connection requests All tests were done both in unencrypted mode and with pcAnywhere encryption, with no difference in the results. A simple cancelling and restarting of the pcAnywhere host service fixed the crash, but this kind of defeats the purpose of remote administration, doesn't it? And yes, where vacuum needed a SYN scan, a simple TCP scan was necessary here, for obscure reasons. Some tests were also done with other portscanners, but didn't produce the same effect; if there is some interest out there, I'll explore this avenue further. The information was forwarded to Symantec's tech support. Salutations, and long live Bugtraq. Six At 04:40 PM 25/04/00 -0500, vacuum wrote:
While performing a routine network audit, a TCP SYN scan caused every pcAnywhere Host service on the network to stop responding.
_______________________________________________________ Patrick Turcotte This is who we are. six () mindless com
Current thread:
- Re: Denial of Service Against pcAnywhere. Patrick Turcotte (May 03)